Remove user's access tokens on password change

cortezaproject · Nov 10, 2021 · 0157719 · 0157719
1 parent a385fe1
commit 0157719
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/system/service/auth.go b/system/service/auth.go
@@ -607,6 +607,10 @@ func (svc auth) ChangePassword(ctx context.Context, userID uint64, oldPassword,
 			return err
 		}
 
+		if err = svc.RemoveAccessTokens(ctx, u); err != nil {
+			return err
+		}
+
 		return nil
 	}()
 

diff --git a/system/service/user.go b/system/service/user.go
@@ -697,7 +697,7 @@ func (svc user) SetPassword(ctx context.Context, userID uint64, newPassword stri
 		a       = UserActionSetPassword
 	)
 
-	err = func() error {
+	err = func() (err error) {
 		if u, err = store.LookupUserByID(ctx, svc.store, userID); err != nil {
 			return err
 		}
@@ -712,6 +712,10 @@ func (svc user) SetPassword(ctx context.Context, userID uint64, newPassword stri
 			return UserErrNotAllowedToUpdate()
 		}
 
+		if err = svc.auth.RemoveAccessTokens(ctx, u); err != nil {
+			return
+		}
+
 		if newPassword == "" {
 			a = UserActionRemovePassword
 			return svc.auth.RemovePasswordCredentials(ctx, userID)
@@ -721,8 +725,8 @@ func (svc user) SetPassword(ctx context.Context, userID uint64, newPassword stri
 			return UserErrPasswordNotSecure()
 		}
 
-		if err := svc.auth.SetPasswordCredentials(ctx, userID, newPassword); err != nil {
-			return err
+		if err = svc.auth.SetPasswordCredentials(ctx, userID, newPassword); err != nil {
+			return
 		}
 
 		return nil